Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 56
Configuring Threat Detection
This chapter describes how to configure threat detection statistics and scanning threat detection and
includes the following sections:
- Information About Threat Detection
- Licensing Requirements for Threat Detection
- Configuring Basic Threat Detection Statistics
- Configuring Advanced Threat Detection Statistics
- Configuring Scanning Threat Detection
- Configuration Examples for Threat Detection
Information About Threat Detection
The threat detection feature consists of the following elements:
- Different levels of statistics gathering for various threats.
  Threat detection statistics can help you manage threats to your ASA; for example, if you enable
  scanning threat detection, then viewing statistics can help you analyze the threat. You can configure
  two types of threat detection statistics:
  - Basic threat detection statistics—Includes information about attack activity for the system as a
    whole. Basic threat detection statistics are enabled by default and have no performance impact.
  - Advanced threat detection statistics—Tracks activity at an object level, so the ASA can report
    activity for individual hosts, ports, protocols, or access lists. Advanced threat detection statistics
    can have a major performance impact, depending on the statistics gathered, so only the access
    list statistics are enabled by default.
- Scanning threat detection, which determines when a host is performing a scan.
  You can optionally shun any hosts determined to be a scanning threat.
Licensing Requirements for Threat Detection
The following table shows the licensing requirements for this feature: